
Rule Reference

SEC314 | lintai-ai-security | stable | tool_json | warn

Tool descriptor: missing machine fields

MCP-style tool descriptor is missing required machine fields

Provider: lintai-ai-security
Surface: tool_json
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks unambiguous MCP-style tool descriptors for missing machine fields instead of relying on prose heuristics.

Deterministic signal basis

ToolJsonSignals MCP collection analysis over parsed tool descriptor JSON.

Malicious corpus: tool-json-mcp-missing-machine-fields
Benign corpus: tool-json-mcp-valid-tool
structured evidence required | remediation reviewed
Canonical note

Structural stable rule intended as a high-precision check with deterministic evidence.

Nearby Signals

Related Rules

Why It Matters

Tool descriptors are machine-consumed contracts. If required machine fields are missing, downstream MCP-style loaders can interpret the tool inconsistently or fail outright.

What Triggers

SEC314 applies to unambiguous MCP-style tool descriptor collections and triggers when a tool entry is missing required machine-facing fields.

Example that triggers:

```json
[
  {
    "name": "list_clusters",
    "description": "List clusters"
  }
]
```

Example that stays clean:

```json
{
  "name": "cloudbase-mcp",
  "tools": [
    {
      "name": "auth",
      "inputSchema": { "type": "object", "properties": {}, "additionalProperties": false }
    }
  ]
}
```

False Positives

The rule is structural and only applies when the JSON clearly looks like an MCP-style tool descriptor surface. Wrapper documents that are not themselves raw tool collections stay clean.

Remediation

Add the missing machine field so the exported tool remains explicit and deterministic for downstream loaders.
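
A pre-export check in the spirit of this remediation, added here as an example and not lintai's own implementation. It assumes the machine fields are `name` and `inputSchema` (the fields the page's two examples differ on) and that a collection is either a bare array or an object with a `tools` array; the function and constant names are hypothetical.

```python
import json

# Assumption: the machine fields are "name" and "inputSchema", the fields the
# page's two examples differ on; lintai's own field list is not shown there.
REQUIRED = {"name": str, "inputSchema": dict}

# The two documents from the page, plus one constructed sample.
TRIGGERS = '[{"name": "list_clusters", "description": "List clusters"}]'
CLEAN = ('{"name": "cloudbase-mcp", "tools": [{"name": "auth", "inputSchema": '
         '{"type": "object", "properties": {}, "additionalProperties": false}}]}')
CONSTRUCTED = '{"tools": [{"name": "", "inputSchema": "object"}, {"description": "x"}]}'


def tool_entries(doc):
    """Return (pointer_prefix, entries) for the collection shapes handled here."""
    if isinstance(doc, list):
        return "", doc                    # bare array of tool objects
    if isinstance(doc, dict) and isinstance(doc.get("tools"), list):
        return "/tools", doc["tools"]     # manifest carrying a "tools" array
    return "", []                         # anything else is not a tool collection


def missing_machine_fields(text):
    """List (json_pointer, field, problem) for every incomplete tool entry."""
    prefix, entries = tool_entries(json.loads(text))
    findings = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            continue                      # not a descriptor object
        for field, kind in REQUIRED.items():
            value = entry.get(field)
            if field not in entry:
                findings.append((f"{prefix}/{i}", field, "missing"))
            elif not isinstance(value, kind) or (kind is str and not value.strip()):
                findings.append((f"{prefix}/{i}", field, "wrong type or empty"))
    return findings


if __name__ == "__main__":
    for label, doc in (("triggers", TRIGGERS), ("clean", CLEAN), ("constructed", CONSTRUCTED)):
        print(label, missing_machine_fields(doc))
```

Each finding carries a JSON Pointer to the offending entry, so the missing field can be added at the exact position in the exported file.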